Description
Solution
This article explains how to access the natted server internally with the Public IP/Virtual IP.
Solution
Step 1: Configure VIP
Log in to the GUI and go to Policy & Objects > Objects > Virtual IPs > Create new, set the following parameters:
Name: Give any friendly name, for example: Virtual IP.
Interface: “Any”
External IP: “Public IP/Virtual IP of the Server”, for example: 1.1.1.1 (WAN1)
Mapped IP: “Private IP/Internal IP of the Server”, for example: 192.168.1.10
Port Forwarding needs to be checked if the port is to be specified.
Step 2: Configure Policy
Incoming Interface : Wan1
Source Address : All
Outgoing Interface : Internal
Destination Address: Virtual IP
Service: HTTP (Specify the service to be used to access the server).
Select Ok
If NAT is selected, the source address is changed to the internal interface address. Normally, you would not want to perform source NAT since this has the effect of hiding the actual source address of the sessions.
Step 3: Configure Policy Route
Router > Static > Policy route > Create new >
Incoming Interface: Internal (select the local LAN interface)
Source Address: Specify the Local LAN Network
Destination Address: Specify the VIP configured "LOCAL IP"
Outgoing Interface: Internal (select the VIP server's local interface)
No Gateway is Required
Move the created policy route to the top of existing policy route.
Log in to the GUI and go to Policy & Objects > Objects > Virtual IPs > Create new, set the following parameters:
Name: Give any friendly name, for example: Virtual IP.
Interface: “Any”
External IP: “Public IP/Virtual IP of the Server”, for example: 1.1.1.1 (WAN1)
Mapped IP: “Private IP/Internal IP of the Server”, for example: 192.168.1.10
Port Forwarding needs to be checked if the port is to be specified.
Step 2: Configure Policy
Incoming Interface : Wan1
Source Address : All
Outgoing Interface : Internal
Destination Address: Virtual IP
Service: HTTP (Specify the service to be used to access the server).
Select Ok
If NAT is selected, the source address is changed to the internal interface address. Normally, you would not want to perform source NAT since this has the effect of hiding the actual source address of the sessions.
Router > Static > Policy route > Create new >
Incoming Interface: Internal (select the local LAN interface)
Source Address: Specify the Local LAN Network
Destination Address: Specify the VIP configured "LOCAL IP"
Outgoing Interface: Internal (select the VIP server's local interface)
No Gateway is Required
Move the created policy route to the top of existing policy route.
